In June 2026, Langflow disclosed a cluster of 11 security vulnerabilities through OSV.dev advisories (sources 3-18).
signal brief
In June 2026, Langflow disclosed a cluster of 11 security vulnerabilities through OSV.dev advisories (sources 3-18). The vulnerabilities include:

- Remote Code Execution (RCE) via the Shareable Playground feature (GHSA-v5ff-9q35-q26f, PYSEC-2026-243)
- arbitrary file read (GHSA-rcjh-r59h-gq37, PYSEC-2026-244)
- path traversal in the Knowledge Bases API (GHSA-79ph-745m-6wxq)
- Insecure Direct Object References (IDOR) in multiple endpoints (GHSA-9c59-2mvc-vfr8, GHSA-qrpv-q767-xqq2)
- unauthenticated denial-of-service (GHSA-qwqc-p3q8-wcg9)
- unauthenticated file upload leading to DoS and an information leak (GHSA-x223-p2gf-v735)
- a session persistence issue (GHSA-7hw8-6q6r-4276)

The affected version ranges run from versions before 1.7.0 up to versions before 1.10.0. Mitigations were released in versions 1.7.0, 1.9.0, 1.9.1, 1.9.2, and 1.10.0. The PyPI release of langflow 1.11.0.dev24 on 2026-06-28 (source 2) likely incorporates these fixes.

The severity and variety of the vulnerabilities (including unauthenticated RCE and data access) raise concerns about Langflow's security posture, potentially impacting trust and adoption among enterprise users who require robust security for AI workflow tools. While patches are available, the rapid discovery of multiple critical flaws may prompt users to evaluate alternatives or delay deployment. The Langflow website (source 1) continues to market the product as a tool for leading AI development teams, but this security incident could undermine that positioning.
evidence
- https://www.langflow.org
- https://pypi.org/project/langflow/
- https://osv.dev/vulnerability/GHSA-79ph-745m-6wxq
- https://osv.dev/vulnerability/GHSA-7hw8-6q6r-4276
- https://osv.dev/vulnerability/GHSA-9c59-2mvc-vfr8
- https://osv.dev/vulnerability/GHSA-ccv6-r384-xp75
- https://osv.dev/vulnerability/GHSA-qrpv-q767-xqq2
- https://osv.dev/vulnerability/GHSA-qwqc-p3q8-wcg9
- https://osv.dev/vulnerability/GHSA-rcjh-r59h-gq37
- https://osv.dev/vulnerability/GHSA-v5ff-9q35-q26f
- https://osv.dev/vulnerability/GHSA-x223-p2gf-v735
- https://osv.dev/vulnerability/PYSEC-2026-221
- https://osv.dev/vulnerability/PYSEC-2026-222
- https://osv.dev/vulnerability/PYSEC-2026-223
- https://osv.dev/vulnerability/PYSEC-2026-224
- https://osv.dev/vulnerability/PYSEC-2026-242
- https://osv.dev/vulnerability/PYSEC-2026-243
- https://osv.dev/vulnerability/PYSEC-2026-244
Decision support, not stock advice. This signal is research with cited evidence — not a recommendation to buy, sell, or hold any security.